package com.huang.config;

import com.huang.util.WebUtils;
import com.sun.org.apache.bcel.internal.generic.NEW;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //关闭跨域攻击
        http.csrf().disable();
        http.exceptionHandling()
                .accessDeniedHandler(accessDeniedHandler());

        http.authorizeRequests().anyRequest().permitAll();


    }

    public AccessDeniedHandler accessDeniedHandler(){
        return (request, response,  e)-> {

            Map<String,Object> map=new HashMap<>();
            map.put("state",403);//SC_FORBIDDEN的值是403
            map.put("message","没有访问权限,请联系管理员");
            WebUtils.writeJsonToClient(response,map);

            };


    }
}
